The iTrust Local Reputation System for Mobile Ad-Hoc Networks

Wei Dai, L. E. Moser, P. M. Melliar-Smith, I. Michel Lombera, Y. T. Chuang

semanticscholar(2013)

Abstract
The iTrust search and retrieval network serves as a trustworthy medium for the distribution of information, that addresses the problems of censorship and filtering of information. To combat subversive behavior of nodes that might undermine the trustworthiness of iTrust, a reputation system is needed. The iTrust reputation system presented in this paper detects and blacklists malicious nodes. It minimizes the expectation of cooperation between nodes through local reputations based solely on direct observations of the nodes. Simulation results demonstrate that local neighborhoods provide better malicious node detection and blacklisting than does the entire network, which is particularly appropriate for mobile ad-hoc networks.

Keywords: search and retrieval; mobile ad-hoc network; peer-to-peer network; reputation management; iTrust

I. INTRODUCTION

Mobile ad-hoc networks (MANETs) are intrinsically dependent on cooperation and collaboration among nodes. MANETs do not rely on a static network infrastructure, but they do rely on several assumptions [18]. Due to the lack of infrastructure and other limiting factors, such as transmission range, the nodes in a MANET develop symbiotic relationships. Such relationships assume that all of the nodes are equally trustworthy and have the same objectives. Such assumptions about the nodes are not appropriate for the iTrust search and retrieval network [1], [14], [15], which aims to ensure freedom from censorship and filtering of information, even in the presence of malicious nodes.

A MANET requires cooperation among the nodes in the network to function properly. Without the fulfillment of this requirement, packets would not be forwarded, routes would not be established, and the network would not function properly. Despite the importance of cooperation among the nodes in a MANET, it is not guaranteed. Consequently, a reputation system is needed.
However, the addition of a reputation system, in which reports of misbehavior are collected and redistributed, treads dangerously close to encroaching on the fundamental principle of iTrust, which is to provide a distributed, uncensorable, reliable, trustworthy system with no central authority.

The iTrust reputation system for MANETs, presented in this paper, is based on local reputations and neighborhoods, and uses direct observations of the nodes to detect malicious neighbors, with as few interactions between the nodes as possible. It avoids reliance on information from other nodes, while maintaining a method of detecting the misbehavior of malicious nodes. The iTrust reputation system is designed specifically for iTrust operating over MANETs.

In designing the reputation system for iTrust MANETs, we investigated the merits of utilizing a local neighborhood for each node. Simulation results provide increased insight into the rationale behind using local neighborhoods for iTrust. They reveal a distinct relationship between neighborhood size and the number of transmissions required to detect malicious nodes. Essentially, with smaller numbers of transmissions, local neighborhoods consistently yield a higher proportion of malicious nodes detected and blacklisted, compared to the entire network with more transmissions. This finding is particularly important for MANETs, as it is necessary to eliminate malicious nodes as quickly as possible with as few interactions and transmissions as possible, in order to reduce the costs associated with a reputation system.

The rest of this paper is organized as follows. Section 2 presents an overview of the iTrust search and retrieval network. Section 3 describes the iTrust local reputation system, and the details of its three modules. Section 4 provides an evaluation of the iTrust reputation system, and insight into the use of neighborhoods.
Section 5 discusses other reputation systems, and their relationship to the iTrust reputation system. Section 6 concludes the paper and presents future work.

II. THE ITRUST SEARCH AND RETRIEVAL NETWORK

The iTrust search and retrieval network [1], [14], [15] addresses potential problems with centralized search and retrieval systems that are subject to censorship, filtering, and suppression of information. Moreover, the iTrust network is intended to be robust against malicious nodes. To achieve these objectives, the iTrust system adopts a probabilistic, distributed, and decentralized approach.

The nodes that participate in an iTrust network are referred to as the participating nodes (Figure 1). Some of the participating nodes, the source nodes, produce information, and make that information available to other participating nodes (Figure 2). The source nodes also produce metadata that describes their information, and distribute the metadata, along with the address of the information, to randomly chosen nodes in the iTrust network.

Other participating nodes, the requesting nodes, request and retrieve information. The requesting nodes generate requests (queries) that contain keywords, and distribute their requests to randomly chosen nodes in the iTrust network (Figure 3). Nodes that receive a request compare the keywords in the request with the metadata they hold. If a node finds a match, which we call an encounter, the matching node returns the address of the associated information to the requesting node (Figure 4). The requesting node then uses the address to retrieve the information from the source node. A match between the keywords in a request received by a node and the metadata held by a node can be an exact match or a partial match, or can correspond to synonyms.

Fig. 1. An iTrust network with participating nodes.

Fig. 2. A source node distributes metadata, describing its information, to randomly chosen nodes in the network.

Fig. 3. A requesting node distributes its request to randomly chosen nodes in the network. One of the nodes has both the metadata and the request and, thus, an encounter occurs.

Fig. 4. A node matches the metadata and the request and reports the match to the requesting node. The requesting node then retrieves the information from the source node.

The iTrust search and retrieval system is based on the hypergeometric distribution [8], which is given in terms of the following variables:

n: The number of participating nodes
x: The proportion of the n participating nodes that are operational, i.e., 1 − x is the proportion of non-operational or malicious nodes
m: The number of participating nodes to which the metadata are distributed
r: The number of participating nodes to which the requests are distributed
k: The number of participating nodes that report matches to a requesting node.

In iTrust, the probability P(k ≥ 1) that a request yields one or more matches is given by:

$$P(k \geq 1) = 1 - \frac{n - mx}{n} \cdot \frac{n - 1 - mx}{n - 1} \cdots \frac{n - r + 1 - mx}{n - r + 1} \qquad (1)$$

for n ≥ mx + r. If mx + r > n, then P(k ≥ 1) = 1.

In [14], we showed that, if m = r = 2⌈√n⌉, then the probability that a request yields one or more matches is P(k ≥ 1) ≥ 1 − e ∼ 0.9817. We use this result and Equation (1) in our evaluation of the iTrust reputation system given in Section IV.

III. THE ITRUST LOCAL REPUTATION SYSTEM

The iTrust local reputation system for MANETs monitors packet forwarding, and watches for non-operational nodes and nodes that do not respond to requests (queries). A local reputation system reduces overheads and the dependence among nodes. It also reduces the amount of storage required, because only information about one-hop neighboring nodes needs to be recorded. In contrast, a global reputation system would result in higher overheads, and also a higher expectation of cooperation among nodes [1].
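Equation (1) in Section II can be evaluated directly to see how the match probability degrades as the operational proportion x falls, and how many more requests are then needed to recover the 0.9817 level. The following is an added example, not code from the paper; the function names p_match, min_requests and paper_fanout, the network size and the x values are assumptions made for illustration.

```python
from math import isqrt


def p_match(n, m, r, x=1.0):
    """Equation (1): P(k >= 1) for n nodes, metadata at m nodes, requests
    to r nodes, and a proportion x of the nodes operational."""
    if not (n > 0 and 0 <= m <= n and 0 <= r <= n and 0.0 <= x <= 1.0):
        raise ValueError("need n > 0, 0 <= m, r <= n and 0 <= x <= 1")
    mx = m * x                      # operational nodes holding the metadata
    if mx + r > n:                  # case stated right after Equation (1)
        return 1.0
    miss = 1.0                      # probability that all r requests miss
    for i in range(r):
        miss *= (n - i - mx) / (n - i)
    return 1.0 - miss


def min_requests(n, m, x, target):
    """Smallest r with p_match(n, m, r, x) >= target, or None if no r <= n
    reaches it. p_match never decreases in r, so a linear scan is enough."""
    for r in range(n + 1):
        if p_match(n, m, r, x) >= target:
            return r
    return None


def paper_fanout(n):
    """m = r = 2 * ceil(sqrt(n)), the setting quoted from [14]."""
    return 2 * (isqrt(n - 1) + 1)


if __name__ == "__main__":
    n = 1000                        # constructed network size
    m = r = paper_fanout(n)
    for x in (1.0, 0.8, 0.6, 0.4):  # constructed operational proportions
        p = p_match(n, m, r, x)
        need = min_requests(n, m, x, 0.9817)
        print(f"x={x:.1f}  P(k>=1)={p:.4f}  r needed for 0.9817: {need}")
```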
The iTrust reputation system is based on a local neighborhood of each node, consisting of the nodes within one hop of the node, and a neighborhood watch mechanism that monitors the interactions of the neighboring nodes. The iTrust reputation system maintains reputation ratings of the nodes. A node uses only direct observations to update the reputation ratings of its neighboring nodes. Consequently, the reputation ratings of different nodes might not be consistent. This design choice limits the expectation of cooperation among nodes, thus reducing the opportunities for malicious behavior.

The two primary types of malicious behavior that the iTrust reputation system addresses are:

• A node does not send responses to requests when it has a match.
• A node sends requests and responds to requests, but does not forward messages.

Thus, the iTrust reputation system primarily serves to ensure that nodes send messages as expected; it does not address other threats such as Sybil attacks. In the extreme case in which a node becomes isolated due to the lack of any well-behaved neighbors, the node needs to move to another location where well-behaved nodes are present.

The two main principles under which the iTrust reputation system operates are:

• Intermittent behavior is not punished as much or as rapidly as consistently bad behavior, because intermittent bad behavior is more difficult to detect.
• Efforts are directed towards observing the behavior of nodes within one hop. Malicious behavior that occurs beyond that range is the responsibility of other nodes.

Each node in the MANET maintains a local reputation table that consists of a list of nodes within its local neighborhood. Whenever an interaction with another node occurs, the node increases or decreases the reputation rating of that other node. This mechanism addresses malicious behavior.

The iTrust reputation system consists of three modules that interact with each other.
These three modules are the Neighborhood Module, the Reputation Rating Module, and the Monitoring Module, which are illustrated in Figure 5 and are described below.

Fig. 5. The three modules of the iTrust reputation system and their interactions.

A. Neighborhood Module

The Neighborhood Module at a node maintains the local neighborhood